Abstract

An improved security system, including a portable smart card (500) and a host computer (600), eliminates the need for the computer to store individual personal identification (ID) numbers for each user seeking access to the computer. Instead, the computer stores a first encryption algorithm E_1 used in converting a particular identification number (ID)_n into a secret code S_n for that particular user. S_n also exists within the memory of the smart card, having been loaded into its memory at the time of issue. A challenge number C is generated by the computer and transmitted to the smart card. Within the smart card and the computer, microprocessors respond to the challenge number C, the secret code S_n, and a second encryption algorithm E_2 in order to generate response numbers R_n and R'_n respectively. Thereafter, R_n is transmitted to the computer where it is compared with R'_n. A favorable comparison is necessary for gaining access to the computer.



FIG. 1 





DATABASELESS SECURITY SYSTEM 



Technical Field 



The present invention relates to a system for granting access to a secure facility, and more particularly to an authentication procedure.

Background of the Invention 



A challenge for those who provide secure facilities is to exclude all unauthorized persons seeking entry while simultaneously making authentication procedures as convenient as possible for both authorized persons and facility administrators. Such goals are frequently incompatible with each other.

The use of a password is perhaps the simplest and least expensive technique for providing access security. Additionally, passwords are relatively easy to change. However, there are problems with passwords: when they are fixed for long periods of time the chances of guessing them are improved, and when they are changed too frequently they are forgotten by the rightful users. Further, when passwords are transmitted across an interface, they can be intercepted by anyone with the proper monitoring equipment.

In one known system, a common secret code is stored within each of two devices (key and lock). The secret codes are logically combined with a random number, available to each device, and the resulting numbers are compared with each other for identity. This technique is generally employed by various data communication systems (see e.g. "Locking Up System Security", Electronics Week, February 18, 1985, regarding Intel Corporation's 27916 KEPROM™ Keyed Access EPROM). Advantageously, the secret code itself never needs to be transmitted, so that an electronic intruder monitoring interface signals sees only the random data (challenge) and the modified random data (response), which are insufficient to teach the correct response to subsequent challenges. Unfortunately, this technique stores the same secret code in all keys, which precludes selective revocation of lost or stolen keys.

One way to prevent tampering with private information in electronic systems is the use of cryptosystems (i.e., methods for encrypting, or transforming, information so that it is unintelligible and, therefore, useless to those who are not meant to have access to it). Ideally, the transformation of the information is so complicated that it is beyond the economic means of an eavesdropper to reverse the process. The eavesdropper is therefore not inclined to become an intruder who not only would compromise the confidential nature of the stored information, but also might engage in forgery, vandalism and theft. A popular technique, known as public-key cryptography, relies on the use of two keys: one to encode the information and another to decode it. These keys are related in the sense that they serve to specify inverse transformations; however, it is computationally infeasible to derive one key from the other. That being the case, one of the keys can be made public for improved convenience without compromising the security of such a system. Applying public-key cryptography to the challenge of excluding unauthorized persons seeking entry to a secure facility, the party seeking entry would use his private key to encrypt (authenticate) a message. The party receiving the encrypted message would use the public key of the transmitter to decrypt the incoming message in order to transform it to its original text. A discussion of such systems is contained in the August, 1979 issue of Scientific American in an article by Martin E. Hellman entitled "The Mathematics of Public-Key Cryptography." An example of a public-key system is disclosed in U.S. Patent 4,453,074 issued to S. B. Weinstein for a "Protection System for Intelligent Cards." Unfortunately, in public-key systems, the party receiving the encrypted message must maintain a database that contains the public keys of all parties having authorization to enter the secure facility.

One particularly promising system involves the use of a password along with a smart card that exchanges data with an authentication device during an authentication procedure. It is noted that the smart card contains a processor and a memory; it is portable and frequently has the shape of a conventional credit card. Security is improved by requiring the holder of the smart card to remember a password. This password can either be sent to the smart card, enabling it to exchange data with the authentication device, or the password can be sent directly to the authentication device itself. In either case, two conditions must now be satisfied: something in the user's head and something in the user's hand.

A known system stores an identification (ID) number within each smart card which is transmitted to the authentication device in order to commence the authentication procedure. The authentication device scrutinizes the ID number to determine whether it corresponds to a presently valid ID number and then commences the authentication procedure only when the result is affirmative. Such a system is disclosed in U.S. Patent 4,471,216. While personal identification numbers additionally offer the ability to improve flexibility (e.g., an expiration date may be built into the ID itself), the storage of each individual ID number in the authentication device requires significant memory space. For example, storing 25,000 user keys, each 8 bytes long, requires 200K bytes of memory. Further, each time a new smart card is issued, the memory of the authentication device must be updated to recognize it. This is particularly impractical in a distributed system where, for example, the authentication device is used in connection with room or building access. Even when the authentication device comprises a host computer that is easily updated, it is undesirable from a security standpoint to store all ID numbers therein because they might be compromised if someone found a way to break into the computer.



Summary of the Invention 

A security system includes a portable object, such as a smart card, and an authentication device for electrically interacting with the portable object to regulate access to a secure facility. An identification number (ID)_n is presented to the authentication device, which uses an encryption algorithm, E_1, to convert it into a secret code S_n. The authentication device also generates a challenge number, C, which is transmitted to the portable object. Stored within the portable object are secret code S_n and encryption algorithm E_2, which are used together with the challenge number C to create a response signal R_n. Stored within the authentication device is encryption algorithm E_2, which is used together with secret code S_n and the challenge number C to create response signal R'_n. A favorable comparison between R_n and R'_n is necessary to gain access to the secure facility.

In an illustrative embodiment of the invention, E_1 and E_2 are identical processes that use different master strings (secret keys) to transform a first binary number into a second binary number. Knowledge of the encryption algorithm, however, is insufficient for an intruder to determine the master string. The present invention illustratively uses the Data Encryption Standard (DES) in the implementation of E_1 and E_2.

In a preferred embodiment of the invention, challenge number C is a 64-bit random number. Such numbers are generally non-repeating and enhance security by virtue of their non-predictable character.

The present invention advantageously regulates access to any one of a number of protected resources including information, cash, and physical entry into a facility without requiring the transmission of secret information across an interface. Importantly, the present invention eliminates the need to store and administer identification information regarding each user entitled to access to the protected resources.

It is a feature of the present invention that multiple secret codes are easily stored within a smart card, each providing access to a different facility, or backup access to the same facility in the event of a security breach (e.g., the master string becomes known). In the situation that security is breached, new secret codes can be derived at the authentication device by merely using a new master string. Such new secret codes would have already been stored within each smart card at the time of issue as a precautionary measure. Thus, should security become compromised, new smart cards do not need to be issued.

These and other features of the present invention will be more fully understood when reference is made to the detailed description and associated drawing.



Brief Description of the Drawing 

FIG. 1 is a flow diagram illustrating the various steps performed in practicing the invention;
FIG. 2 is a flow diagram of the enciphering computation of the Data Encryption Standard;
FIG. 3 is a block diagram that illustrates the calculation of f(R,K) used in the Data Encryption Standard;
FIG. 4 discloses selection table S_1 used in the Data Encryption Standard;
FIG. 5 is a block diagram representation of the major functional components of a smart card system and their general interconnection with each other;
FIG. 6 illustrates use of the present invention in a computer access security system in accordance with the invention;
FIG. 7 illustrates use of the present invention in a premises access security system in accordance with the invention;
FIG. 8 discloses the functional components of a door lock such as used in connection with FIG. 7;
FIG. 9 illustrates the structure of a master string used in the encryption process;
FIG. 10 illustrates the structure of a challenge signal including information regarding the selection of the secret code to be used during the encryption process; and
FIG. 11 discloses a pseudo-random number generator suitable for use as a challenge number generator.

Detailed Description 
GENERAL



Referring to FIG. 1, there is disclosed a diagram which illustrates the salient features of the invention in modified flow chart form. The mechanical analog of a key and a lock is useful in connection with FIG. 1 because smart card 500 functions as a key and authentication device 700 functions as a lock. Since the authentication process requires activity on the part of both the smart card and the authentication device, the activity associated with each part is segregated to assist the reader in understanding the invention. Although not required in the practice of the invention, security is enhanced by requiring the holder of the smart card to enter a password into the smart card, enabling it to commence the authentication process by transmitting a personal identification number (ID)_n to authentication device 700. Alternatively, the holder of the smart card could directly transmit (ID)_n to the authentication device 700. In either case, the following steps describe the authentication process:
(1) In response to the receipt of a signal such as (ID)_n, box 740 recognizes the signal and initiates the generation of a challenge number. Additionally, secret code S_n is created (box 710) using encryption algorithm E_1 (box 730) and the proffered personal identification number (ID)_n.
(2) Challenge number C is generated (box 750), transmitted to smart card 500, and used internally (box 720). Note that a valid ID number is not required to initiate the generation of a challenge number, a feature that helps preserve confidentiality of the ID number.
(3) Both the smart card 500 and the authentication device 700 (box 563 and box 720) calculate a response (R_n and R'_n respectively) to the challenge number. Since secret code S_n and encryption algorithm E_2 are contained in both the smart card and in the authentication device, the responses should be identical when compared (box 760).
(4) Block 770 further enhances security, with minimum inconvenience to the system administrator, by testing whether the proffered (ID)_n corresponds to a lost or stolen card. The list of such cards is presumably small and is seldom updated.
Once all of the above steps have been successfully completed, access to the computer is granted, a door is opened, a credit transaction is validated, or cash is delivered, etc.

The various boxes need not reside within the particular device as shown in FIG. 1. For example, in a number of applications, the challenge number generator can be located within the smart card while still preserving the benefits of the invention. Indeed, in the peer-to-peer authentication application described hereinafter, each smart card contains a challenge number generator, means for comparing response numbers, and the E_1 algorithm including a master string. Further, user interface 100 can be built into the smart card 500 or the authentication device 700. It is an important advantage that the list of valid ID numbers need not be stored within the authentication device. It is sufficient that only the encryption algorithm E_1, originally used to create S_n from (ID)_n, be stored.

Stored within memory box 550 of smart card 500 is the above-identified personal identification number (ID)_n that is unique to that card. Also stored within box 550 are one or more secret codes S_n and encryption algorithm E_2.

Secret code S_n comprises a plurality of binary digits stored in memory that are not accessible from outside the card. Further, S_n is written into memory at the time when the ID number is first assigned by the card issuer. S_n is linked to a particular personal identification number, designated (ID)_n, by the functional relationship S_n = E_1((ID)_n). What this means is that encryption algorithm E_1 maps each unique personal identification number into a unique secret code. As a practical matter, a secret computer program transforms input signal (ID)_n into output signal S_n. It is the use of this particular transformation that eliminates the need to store individual ID numbers. More will be said about this later.

Encryption algorithm E_2 is a computer program executed by a microprocessor. It is jointly responsive to secret code S_n and to input binary data signal C for generating an output binary data signal R_n. Computation of R_n is indicated in box 563, where C is the challenge number and R_n is the response. For improved security, C is a large non-repeating number so that an intruder making a large number of observations of the challenge and response will never learn the manner by which they are related. So long as C and S_n are finite, however, it is theoretically possible for the determined intruder to learn the correct response to all challenges. Nevertheless, with a moderate length secret code, say 64 bits, there are approximately 18 x 10^18 possible unique secret code combinations. Even with a computer-aided lockpick that tried 10 billion different combinations every second, it would take 57 years to examine all combinations. This period could be lengthened substantially if an additional delay, say 1 second, was introduced between challenge and response. By way of example, and not limitation, C may be a random number, a pseudo-random number, or even a time clock (year: month: day: hour: seconds: tenths: etc.).
Stored in box 770 are the ID numbers of lost and stolen cards as well as numbers that have expired or, for one reason or another, no longer have permission to access the facility. Advantageously, even though the authentication device "knows" at the outset that the proffered ID number is unacceptable, access to the facility is not denied until the entire process has been completed. Thus, only minimum information is given to potential intruders. Storing a list of unacceptable numbers allows customization with minimum susceptibility to fraud. There is little or no incentive to increase the list of unacceptable ID numbers; while on the other hand, a great temptation exists to fraudulently increase the list of acceptable ID numbers, a temptation that the present invention eliminates.

DATA ENCRYPTION STANDARD (DES) 



The purpose of any encryption algorithm is to convert confidential information (data) into a form that renders it unreadable to all except those who know how to decode the message. One simple technique involves substituting one letter of the alphabet with another for each of the letters. Such encryptions, however, are relatively easy to decrypt, even for the unsophisticated intruder. More complex techniques have arisen over the years to stay ahead of unsolicited decryption experts, and the art has progressed to the point that techniques exist that are so good that it no longer makes sense to try to unravel an encrypted signal. One such technique that has gained wide acceptance is the Data Encryption Standard (DES), which is intended for implementation in special purpose electronic devices. In 1977, the National Bureau of Standards (now NIST) issued DES as a Federal standard, and the National Security Agency has certified new products using the standard. While a relatively brief discussion of the application of DES to the invention is set forth below, a more comprehensive treatment is set forth in the January 15, 1977 Federal Information Processing Standards Publication 46 (FIPS 46), entitled "Specifications for the Data Encryption Standard."

DES is a private-key scheme in which both encrypting and decrypting keys are identical and secret. DES operates on data in blocks of 64 bits, sending it through 16 stages of the algorithm before exiting as a 64-bit cipher text. Encryption relies heavily on proper management of keys, the strings of characters that must be input to the algorithms before encryption or decryption can take place. The present invention does not require decryption, but rather relies on a comparison between two encrypted signals. Encryption algorithms E_1 and E_2 each use DES to achieve encryption; however, the data blocks and keys are obtained from different sources. After a brief explanation of DES is given, it will be applied to the present invention.



A flow diagram that illustrates the sequential operations performed in the DES enciphering computation is shown in FIG. 2. Input box 201 comprises a 64-bit ordered set (vector) of binary digits whose order is rearranged (permuted) according to a known pattern in an operation akin to shuffling cards. The permuted block of 64 bits is now split into two boxes 203 (L_0) and 204 (R_0), each comprising 32 bits, in an operation akin to cutting the cards. At this point, the card shuffling analogy fails because mathematical operations 205 (modulo-2 addition) and 206 (cipher function f) are introduced along with key K. Values for K_1 ... K_16 are selected in accordance with 16 different predetermined schedules whereby each K_n comprises an ordered set of 48 bits chosen from the 64-bit key.

For completeness, the operation of cipher function f is shown in FIG. 3, where the calculation f(R,K) is diagrammatically laid out. In this figure, E denotes a function which takes a block of 32 bits as input and yields a block of 48 bits as output. The E function is very similar to the initial permutation of box 202, but now certain of the bits are used more than once. These blocks of 48 bits, designated 303 and 304 in FIG. 3, are combined by modulo-2 (exclusive or) addition in box 305.

Selection functions S_1, S_2, ... S_8 take a 6-bit input number and deliver a 4-bit output number in accordance with a predetermined selection table such as shown in FIG. 4, which discloses the S_1 function. For example, if S_1 is the function defined in this table and B is a block of 6 bits, then S_1(B) is determined as follows: The first and last bits of B represent, in base 2, a number in the range 0 to 3. Let that number be i. The middle 4 bits of B represent, in base 2, a number in the range 0 to 15. Let that number be j. Look up in the table the number in the i-th row and j-th column. It is a number in the range 0 to 15 and is uniquely represented by a 4-bit block. That block is the output S_1(B) of S_1 for the input B. Thus, for input 011011 the row is 01 (i.e., row 1) and the column is determined by 1101 (i.e., column 13). In row 1, column 13 the number 5 appears, so that the output is 0101. Selection functions S_1, S_2, ... S_8 appear in the Appendix of the above-mentioned publication FIPS 46.

Referring once again to FIG. 3, the permutation function P is designated 306 and yields a 32-bit output (307) from a 32-bit input by permuting the bits of the input block in accordance with table P, also set forth in FIPS 46.



ENCRYPTION ALGORITHMS E_1 AND E_2



DES is now applied to encryption algorithm E_1, which is used to convert (ID)_n to S_n. Note that when the smart card is issued, it comes equipped with S_n already stored in its memory. Reference is now made to FIG. 9, which illustrates the structure of the master string, which comprises 640 bits of secret data used by the encryption algorithm E_1. The master string is interpreted as 10 separate characters (addressable by digits 0-9), each having 64 bits of data. The ID number comprises a block of 6 digits, each assuming some value between 0 and 9 inclusive. In the following example, encryption algorithm E_1 operates on (ID)_n (illustratively set equal to 327438) in the manner indicated. The first operation requires that the third character of the master string be combined with the second character of the master string in accordance with the DES enciphering computation. This operation is denoted d(3,2), where 3 is treated as the data block and 2 is treated as the key. The operation performed is shown in FIG. 2, in which the 64-bit number corresponding to the third character of the master string is used as input 201, the 64-bit number corresponding to the second character of the master string is used as K, and output 210 is a 64-bit number (designated "A") that will be used in a second operation.

The second operation performed is similar to the first except that "A" is combined with the seventh character of the master string in accordance with the DES enciphering computation. This operation is denoted by d(A,7), where A is a 64-bit number used as input 201, and the 64-bit number corresponding to the seventh character of the master string is used as K. The operation performed is shown in FIG. 2, and output 210 is a 64-bit number (designated "B") that will be used in a third operation.

These operations continue until all of the digits of (ID)_n are used. The last operation, d(D,8), results in a 64-bit number which is used as the secret code S_n. Accordingly, in this example, encryption algorithm E_1 uses the digits of (ID)_n to index characters of the master string. The DES enciphering computation shuffles these secret keys in a known, but non-reversible, manner to generate S_n.

DES is now applied to encryption algorithm E_2, which is used to convert S_n and C into a response number R_n (within the smart card) or R'_n (within the authentication device). S_n and C each comprise a 64-bit number, which makes them ideally suited for the encryption computation shown in FIG. 2. Indeed, S_n and C are "shuffled" in accordance with the DES enciphering computation described above (see FIG. 2), and output box 210 now contains a 64-bit number designated R_n or R'_n. These numbers are thereafter compared, and when they are identical the smart card is deemed to be authenticated. Although the DES enciphering computation is illustratively shown, it is understood that other enciphering computations, having greater or lesser complexity, may be used without departing from the spirit of the invention.


CHALLENGE NUMBER GENERATOR 



There are many techniques for generating suitable challenge numbers. Ideally such numbers are long, non-predictable, non-repeating and random. One known technique involves periodically sampling the polarity of a noise source, such as an avalanche diode, whose average dc output voltage is zero. As discussed above, the challenge number generator 750 (FIG. 1) may generate a random number, a pseudo-random number, or even a predictable number, depending on the degree of security warranted in the given application. One challenge number generator is shown in FIG. 11, which provides a pseudo-random number at its serial data output. The generator comprises a 64-stage shift register whose output is modulo-2 combined (via Exclusive-OR gates 111, 112) with various of its stages and then fed back to the input of the generator. Although the serial data output pattern is very long (potentially generating all possible combinations of 64 bits), it eventually repeats itself. Nevertheless, by accelerating the clock rate at times when a challenge number is not needed, it would be most difficult to predict which particular combination of 64 bits was coming next.

The randomness of the challenge number is further improved by using the DES enciphering computation shown in FIG. 2. Here, the Parallel Data Output (X_0 ... X_63) of the pseudo-random number generator shown in FIG. 11 is used as input 201 in FIG. 2, while one character of the secret master string is used in obtaining the various values for K. Recall that values for K_1 ... K_16 are selected in accordance with 16 different predetermined schedules whereby each comprises an ordered set of 48 bits chosen from a 64-bit key. Since the software needed to implement DES, or the particular encryption algorithm used, is already in place in both the smart card and in the authentication device, it is cost effective to use it in connection with the generation of a challenge number. Indeed, if DES is used in forming the challenge number, it would be sufficient to increment a register each time a new challenge number is needed, and then use that number, rather than X_0 ... X_63, as input 201 in FIG. 2.
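An added example (not from the patent) of the FIG. 11 generator and both whitening variants described above: a 64-stage shift register with exclusive-OR feedback whose parallel output, or alternatively an incremented register, is passed through the block cipher under one master-string character. The feedback taps are this example's assumption (the page says only "various of its stages"), and the 64-bit cipher is a stand-in built from HMAC-SHA256, not DES.

```python
# Added example: pseudo-random challenge generator in the style of FIG. 11,
# with the DES-based whitening of the text. d() stands in for DES.
import hashlib
import hmac

BLOCK = 8  # bytes; 64-bit blocks
MASK64 = (1 << 64) - 1


def d(data: bytes, key: bytes) -> bytes:
    """Stand-in for the DES enciphering computation of FIG. 2 (64-bit in/out)."""
    return hmac.new(key, data, hashlib.sha256).digest()[:BLOCK]


class ShiftRegisterGenerator:
    """64-stage shift register with XOR feedback. The taps (stages 64, 63, 61, 60,
    i.e. x^64 + x^63 + x^61 + x^60 + 1) are assumed; the page does not give them."""

    TAPS = (63, 62, 60, 59)   # 0-based bit positions of the tapped stages

    def __init__(self, seed: int):
        if not 0 < seed < (1 << 64):
            raise ValueError("seed must be a non-zero 64-bit value")
        self.state = seed     # all-zero state would never change, hence the check

    def clock(self) -> int:
        """Shift once; return the serial data output (the bit shifted out)."""
        feedback = 0
        for tap in self.TAPS:                      # XOR gates 111, 112, ...
            feedback ^= (self.state >> tap) & 1
        out = (self.state >> 63) & 1
        self.state = ((self.state << 1) | feedback) & MASK64
        return out

    def parallel_output(self) -> bytes:
        """X_0 ... X_63 read out together as one 64-bit block."""
        return self.state.to_bytes(BLOCK, "big")


class ChallengeGenerator:
    """Box 750: register contents run through the block cipher under one
    master-string character, so observed challenges do not reveal the register."""

    def __init__(self, master_char: bytes, seed: int, idle_clocks: int = 64):
        if len(master_char) != BLOCK:
            raise ValueError("master-string character must be 64 bits")
        self.lfsr = ShiftRegisterGenerator(seed)
        self.key = master_char
        self.idle_clocks = idle_clocks   # clocks run while no challenge is needed
        self.counter = 0

    def next_from_lfsr(self) -> bytes:
        """Parallel output X_0..X_63 as input 201, master character as K."""
        for _ in range(self.idle_clocks):
            self.lfsr.clock()
        return d(self.lfsr.parallel_output(), self.key)

    def next_from_counter(self) -> bytes:
        """The simpler variant: increment a register and encipher it."""
        self.counter = (self.counter + 1) & MASK64
        return d(self.counter.to_bytes(BLOCK, "big"), self.key)


if __name__ == "__main__":
    gen = ChallengeGenerator(b"\x11" * BLOCK, seed=0x0123456789ABCDEF)
    print(gen.next_from_lfsr().hex(), gen.next_from_counter().hex())
```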


SMART CARD 
Referring now to FIG. 5, there is disclosed a block diagram of a smart card 500 and a reader/writer unit 900 such as used in connection with the present invention. Although shown in greater detail in U.S. Patent 4,798,322, a brief description is presented here. Some of the principal components located on smart card 500 are microprocessor 560, electrically erasable programmable read-only memory (EEPROM) 550, analog interface circuit 540, secondary winding 521 of transformer 920, and capacitive plates 541-544.

Microprocessor 560 includes a central processing unit and memory means in the form of random access memory and read-only memory. A microprocessor available from Intel Corporation such as Part No. 80C51 may be used with the proper programming. Operating under firmware control provided by its internal read-only memory, the microprocessor 560 formats data to the EEPROM 550 and to the reader/writer unit 900 via the analog interface circuit 540. EEPROMs are available from a number of suppliers, many of whom are mentioned in an article entitled "Are EEPROMS Finally Ready to Take Off" by J. Robert Lineback, Electronics, Vol. 59, No. 7 (Feb 17, 1986), pp. 40-41. Data may be written to or read from an EEPROM repeatedly while operating power is being applied. When operating power is removed, any changes made to the data in the EEPROM remain and are retrievable whenever the smart card 500 is again powered.

The analog interface circuit 540 provides a means for interfacing smart card 500 with reader/writer unit 900. Within analog interface 540 are circuits, responsive to capacitors 541-544, for exchanging data with reader/writer unit 900. Power for operating the card 500 is provided to the analog interface circuit 540 via inductive transfer, received by the secondary winding 521 of transformer 920. This transformer is formed when secondary winding 521 is coupled to a primary winding 921 within the reader/writer unit 900. The transformer 920 may advantageously include a ferrite core 922 in the reader/writer for increased coupling between the transformer primary winding 921 and secondary winding 521. A second such core 522 may also be included in the transformer 920 to further increase coupling efficiency. The primary winding 921 is driven at a 1.8432 MHz rate by power supply 930, whose operation is described with particularity in U.S. Patent 4,802,080 issued January 31, 1989.

Within the reader/writer unit 900, analog interface circuit 940 exchanges data with the smart card 500 under control of microprocessor 960. Capacitor plates 941-944 are aligned with the mating capacitor plates 541-544 within the smart card 500. The input/output serial data interface 950 is basically a universal asynchronous receiver transmitter (UART), which may be advantageously included in the microprocessor 960. This UART is used for externally communicating with a suitably configured application station 990.

Application station 990 represents any one of a variety of stations, terminals or machines capable of interacting with the reader/writer unit 900 for the purpose of selectively granting access to the resources which it controls, such as cash, premises access, information in a computer, credit authorization for a telephone call or the purchase of goods, etc. Stored within the application station is the computational power to carry out the authentication procedure disclosed in FIG. 1. Reader/writer unit 900 may itself be part of the application station 990, and its microprocessor 960, when provided with sufficient memory, is suited to carry out the authentication procedure. Also stored within the application station is the appropriate hardware to open a lock or remit cash. Such hardware is well known by those in the particular art to which the application station pertains. A discussion of certain of these applications follows.

APPLICATIONS

Computer Access Security System

FIG. 6 discloses one application of the present invention in a computer access security system. In this system, terminal stations 101 and 102 provide access to host computer 600 so long as the user can be authenticated. In one situation, the user inserts his smart card 501 into a terminal security server (TSS) 610 for the purpose of verifying that he is entitled to access host computer 600. Modems 641 and 643 are frequently needed to adapt digital signals to transmission over public switched network 650. At the host location, host security server (HSS) 630, together with host smart card 503, grants access only to authorized users. In this application, TSS 610 includes a reader/writer unit 900 such as shown in FIG. 5, that interacts with smart card 501 to exchange electrical signals between the smart card and a particular application station. The user transmits his password to smart card 501 via terminal station 101, which commences the authentication process with HSS 630 and host smart card 503. Security is improved by storing the authentication algorithms and master strings within smart card 503 rather than in the host computer. Whereas a super-user might be able to access secret codes stored within the host computer 600, the host smart card is configured to only grant or deny access; secret information within the card 503 is not available to anyone after it has been entered. Since individual user ID numbers do not have to be stored in the present invention, it is possible to handle the authentication of vast numbers of users with minimal storage, so that smart cards using EEPROMs of moderate size, say 2048 bytes, are adequate for the task. The authentication process performed in this application is the same as discussed above, using DES or another suitable enciphering computation.

Variations of this system include the situation where the TSS 610 is replaced by a portable security server (PSS) 620. Here, the user types his identification number (ID)_n into terminal station 102. (ID)_n is then transmitted to HSS 630, which includes host smart card 503. HSS 630 returns a challenge number which is displayed on terminal station 102. The user then enters this challenge number into PSS 620 using keys 622. Contained within PSS 620 is smart card 502, which stores secret code S_n and encryption algorithm E2. It computes a response R_n to the challenge number and displays it on liquid crystal display 621. Thereafter, the user enters R_n into terminal station 102 and awaits access to host computer 600. Clearly, each terminal station 101, 102 could contain the equipment presently housed within TSS 610 or PSS 620.



Premises Access Security System

An important application of the present invention is in connection with the replacement of conventional door locks and mechanical keys where high security is important. Smart cards are useful in this application because they can be selectively revoked and adapted for use only during predetermined hours. Further, they can be programmed to commence or expire on certain dates. The present invention is particularly advantageous in such a distributed system because the identity of each newly authorized user does not have to be communicated to each lock, although information regarding users no longer having authorization must be so communicated. The security of microwave "huts," which control vital junction points in the national telecommunication network, is of critical importance. Such locations warrant greater protection than easily duplicated mechanical keys can offer.

An example of a premises access security system is shown in FIG. 7, which illustrates another application of the present invention. Door 830 provides entry to a secure location such as a room or a building. Outside handle 850 does not normally operate the lock, but is provided merely for conveniently pushing or pulling on the door once the lock is open. A bolt assembly is driven by an inside handle (not shown) and includes a protrusion 840 which engages a strike 995 positioned in the door jamb. In the embodiment of FIG. 7, the strike itself is activated to permit the opening and closing of the door. Alternatively, the bolt within the door could have been controlled in accordance with the invention. Lock 800 is positioned adjacent the door jamb on wall 820 and includes a slot 810 for inserting an electronic key.

Referring now to FIG. 8, additional detail is provided regarding the hardware needed to support this particular application. In order to obtain access, the user first inserts his key 500 (smart card) into slot 810 (see FIG. 7) of lock 800. Once the key 500 is in contact with reader/writer unit 900, as discussed in connection with FIG. 5, authentication can begin. The user enters his password using the switches 120 on user interface 100, which is transferred to key 500 via reader/writer unit 900. If the entered password matches the password stored in memory 550 of key 500, then the key transmits its identification number (ID)_n to application station 990, and more particularly to authentication device 700, which carries out the authentication procedure discussed in connection with FIG. 1. In the event that the key is authenticated, processor 760 delivers a pulse to relay driver 770, which activates relay 780, thereby closing contact K1. Power is now applied to electric strike 995, which enables the door to be pulled open. A suitable transducer for carrying out this function is the Model 712 Electric Strike, manufactured by Folger Adam Co., that requires 12 volts DC at 0.3 amperes. Information regarding door entry may be delivered to the user on display 110 of the user interface 100. Such information might include prompts for using the system, a message that the key has expired, or that the password should be re-entered. Processor 760 includes memory for storing encryption algorithms E1 and E2 as well as a list of lost/stolen keys and those ID numbers that have been granted access to the facility over some time period. Such information can be delivered to, and displayed on, user interface 100 when properly commanded.



Multiple Secret Codes

In accordance with the present invention, the smart card may be used in connection with a plurality of authentication devices in which each device grants access to a different user population. This is made possible by storing a plurality of secret codes within each smart card, very much like having a number of different keys on a single key ring. Knowing which secret code to use is communicated to the smart card when the challenge is delivered. Recall that challenge C comprises a 64-bit (8 byte) random number in the preferred embodiment. An additional byte (header) is added to the challenge, as shown in FIG. 10, that selects one of the secret codes S_n stored within the memory of the smart card. Here, the header corresponds to the address of the particular secret code to be used in providing the correct response to the challenge. An 8-bit header accommodates 256 different secret codes, many of which may be used to enhance the security of a single authentication device. Perhaps 2 or 3 different challenges might be issued in an extremely high security application. In situations where 64 bits of random data are not necessary, various bit positions of the challenge number can be dedicated to identifying the particular secret code to be used.



Peer-to-Peer Authentication

In a number of situations, it is desirable for authentication to proceed between two members of a population who desire to exchange secret information after the identity of each member is verified to the satisfaction of the other. The present invention is useful in this regard because it does not require storage of the identification numbers of all members of the population. However, each of the smart cards must generate a challenge signal, store secret code S_n as well as encryption algorithms E1 and E2, and compare response numbers R'_n with R_n. Authentication proceeds in a manner similar to the procedure of FIG. 1, except that the combined functions of smart card 500 and authentication device 700 are now contained within a single, more powerful smart card. After the first smart card authenticates itself to the second, the second smart card authenticates itself to the first. This assures the first user that he has reached the correct destination, and it assures the second user that the person seeking access is entitled to it. Since each smart card now carries the secret master string, security is potentially weakened. However, the master string is not retrievable from memory and cannot be determined by trial and error within a reasonable time.
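The following Python model is an added illustration (not the patent's code) of the FIG. 1 procedure as it is used in the computer-access and premises applications above: the header byte of FIG. 10 selects one of several secret codes on the card, the authentication device keeps only a lost/stolen list rather than a table of IDs, and the peer-to-peer section's mutual variant is built from the same parts. HMAC-SHA256 stands in for the DES-based E1 and E2 (an assumption, since DES is not in the Python standard library), and every master string, ID and challenge below is a constructed sample value.

```python
import hashlib
import hmac
import secrets

CHALLENGE_BYTES = 8   # 64-bit random challenge C, as in the preferred embodiment


def e1(master: bytes, id_n: bytes) -> bytes:
    """E1: derive secret code S_n from the facility's master string and (ID)_n.
    HMAC-SHA256 is an assumed stand-in for the DES-based computation."""
    return hmac.new(master, b"E1" + id_n, hashlib.sha256).digest()


def e2(s_n: bytes, challenge: bytes) -> bytes:
    """E2: compute a response from S_n and the challenge C (same stand-in)."""
    return hmac.new(s_n, b"E2" + challenge, hashlib.sha256).digest()


class SmartCard:
    """Portable object 500: stores (ID)_n and one S_n per facility (key ring)."""

    def __init__(self, id_n: bytes, masters_by_slot: dict):
        self.id_n = id_n
        # The issuing station computes each S_n once; the master strings
        # themselves are never written to the card.
        self._secrets = {slot: e1(m, id_n) for slot, m in masters_by_slot.items()}

    def respond(self, frame: bytes) -> bytes:
        """frame = 1 header byte (address of the secret code) + 8-byte challenge."""
        if len(frame) != 1 + CHALLENGE_BYTES:
            raise ValueError("malformed challenge frame")
        slot, challenge = frame[0], frame[1:]
        return e2(self._secrets[slot], challenge)          # R_n


class AuthenticationDevice:
    """Authentication device 700: holds E1, E2 and the master string, but no
    per-user table; only a list of revoked (lost/stolen) IDs, as in claim 2."""

    def __init__(self, master: bytes, slot: int, revoked=()):
        self.master = master
        self.slot = slot                 # header byte this facility sends
        self.revoked = set(revoked)

    def challenge(self) -> bytes:
        return bytes([self.slot]) + secrets.token_bytes(CHALLENGE_BYTES)

    def verify(self, id_n: bytes, frame: bytes, response: bytes) -> bool:
        if id_n in self.revoked:
            return False
        expected = e2(e1(self.master, id_n), frame[1:])     # R'_n, recomputed
        return hmac.compare_digest(expected, response)      # R'_n == R_n ?


def authenticate(device: AuthenticationDevice, card: SmartCard) -> bool:
    """One run of the FIG. 1 procedure: ID, challenge, response, comparison."""
    frame = device.challenge()
    return device.verify(card.id_n, frame, card.respond(frame))


class PeerCard(SmartCard):
    """Peer-to-peer variant: the card also carries the master string, so it can
    challenge and verify another card of the same population."""

    def __init__(self, id_n: bytes, master: bytes, slot: int = 0):
        super().__init__(id_n, {slot: master})
        self.device = AuthenticationDevice(master, slot)


def mutual_authenticate(a: PeerCard, b: PeerCard) -> bool:
    """First card authenticates the second, then the second authenticates the first."""
    return authenticate(a.device, b) and authenticate(b.device, a)


# Constructed sample values: two facilities, each with its own master string.
MASTER_HOST = b"constructed-host-master-string"
MASTER_DOOR = b"constructed-door-master-string"
HOST = AuthenticationDevice(MASTER_HOST, slot=0)
DOOR = AuthenticationDevice(MASTER_DOOR, slot=1, revoked={b"ID-0002"})
CARD_1 = SmartCard(b"ID-0001", {0: MASTER_HOST, 1: MASTER_DOOR})
CARD_2 = SmartCard(b"ID-0002", {0: MASTER_HOST, 1: MASTER_DOOR})   # reported lost
FORGED = SmartCard(b"ID-0001", {0: b"guessed-master", 1: b"guessed-master"})

if __name__ == "__main__":
    print("card 1 at host:", authenticate(HOST, CARD_1))     # True
    print("lost card at door:", authenticate(DOOR, CARD_2))   # False
```

Note that the door and the host never store ID-0001 or ID-0002; the door only needs the revocation entry, which is exactly the information the premises section says must still be distributed to each lock.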

Modifications and variations of the present invention are possible and include, but are not limited to, the following: (i) smart cards are portable devices that may assume any convenient shape; (ii) smart cards may include metallic contacts, although the disclosed contactless interface offers great resistance to external contaminants and electrical discharge; (iii) challenge numbers need not be random or even secret, although some degradation to security is inevitable; and (iv) encryption algorithms E1 and E2 may be less complex than DES and may even be implemented in hardware comprising no more than an Exclusive-OR gate.

Claims

1. A system for controlling access to a secure facility, the system including a portable object (500) and means for transferring data between the portable object and the facility,
the facility comprising:
memory means for storing encryption algorithms E1 and E2;
means (750) for generating a challenge number (C);
means responsive to an identification signal (ID)_n that identifies the particular portable object (500) seeking to gain access to the facility, and to encryption algorithm E1, for generating a secret code (S_n);
means (720) responsive to the challenge number (C), to the secret code (S_n) and to encryption algorithm E2 for generating a first response signal (R'_n);
means (760) for comparing the first response signal (R'_n) with a second response signal (R_n) generated by the portable object, and for providing an enabling signal when the comparison is favorable;
the portable object (500) comprising:
memory means (550) for storing the secret code (S_n) and the encryption algorithm E2; and
means (563) responsive to the secret code (S_n), to the challenge number (C) received from the facility, and to encryption algorithm E2 for generating a second response signal (R_n) and transmitting same to the facility.

2. The system of claim 1 wherein the facility further includes:
means for storing a list of identification numbers not entitled to access the secure facility; and
means (770) for determining correspondence between the stored list of identification numbers and the identification signal that identifies the particular portable object seeking access to the facility, and for denying access to the facility when such correspondence exists.

3. The system of claim 1 wherein the means (710) for generating the secret code (S_n) comprises a first processor, jointly responsive to the identification signal and to a secret master string, for executing a predetermined sequence of steps in accordance with encryption algorithm E1.

4. The system of claim 1 wherein the means (720) for generating the first response signal comprises a first processor, jointly responsive to the secret code (S_n) and to the challenge number (C), for executing a predetermined sequence of steps in accordance with encryption algorithm E2.

5. The system of claim 1 wherein the means (563) for generating the second response signal comprises a second processor, responsive to the secret code and to the challenge number, for executing a predetermined sequence of steps in accordance with encryption algorithm E2.

6. The system of claim 3 wherein encryption algorithm E1 is a process for encrypting data in accordance with the Data Encryption Standard.

7. The system of claim 5 wherein encryption algorithm E2 is a process for encrypting data in accordance with the Data Encryption Standard.

8. The system of claim 1 wherein the challenge number is substantially random.

9. A method for testing the authenticity of a portable electronic device (500) and for enabling access to a secure facility when the portable electronic device is authentic, the method comprising the steps of:
storing encryption algorithms E1 and E2;
receiving an identification signal (ID)_n that identifies the particular portable electronic device seeking access to the facility;
generating a secret code (S_n) in accordance with encryption algorithm E1 using the identification signal as an input;
generating a challenge number (C) and transmitting same to the portable electronic device;
generating a first response signal (R'_n) in accordance with encryption algorithm E2 using the secret code and the challenge number as inputs;
comparing the first response signal (R'_n) with a second response signal (R_n) generated by the portable electronic device; and
enabling access to the secure facility when the comparison is favorable.

10. The method of claim 9 further including the steps of:
storing a list of identification numbers not entitled to access the facility; and
denying access to the facility when the received identification signal corresponds to an identification number stored on the list of those not entitled to such access.
(54) Method for debugging a memory-card application program, and debugging system.

(57) The invention concerns systems for debugging application programs of chip cards. It applies to cards comprising a microprocessor and an electrically programmable non-volatile memory, this memory containing an application program executable by the microprocessor.

To carry out the debugging, a very simple system is used, based on the fact that the application program memory is electrically programmable: this memory is used to store, on the one hand, provisional and modifiable versions of the application program and, on the other hand, a debugging aid program. In practice the debugging system comprises only a sample chip card (30), a card reader (32) and a microcomputer (34) for driving the exchanges between the card and the reader. The method essentially consists in storing the program to be debugged in memory, modifying one instruction of that program to replace it with a branch instruction to the debugging aid program, and launching the application program. The aid program supplies information on the state of the system at the moment of the branch.
METHOD FOR DEBUGGING A MEMORY-CARD APPLICATION PROGRAM, AND DEBUGGING SYSTEM

The invention relates to the development of application programs for chip cards incorporating a microprocessor and a program memory.

If the chip card includes a microprocessor, it is so that it can execute application programs, which take the form of successive instructions given to the microprocessor. These instructions concern operations internal to the card and the data exchanges carried out between the card and a card reader into which the card is inserted.

To develop any microprocessor application program, it is necessary to go through a debugging phase in which the application program is tested, under conditions as close as possible to reality, and any errors are detected and then corrected. Microprocessor chip cards are no exception to this rule.

The chip cards more particularly concerned by the present invention are microprocessor cards comprising not only a read-only memory (ROM) and a working random-access memory (RAM), but also an electrically erasable and reprogrammable memory (EEPROM) or a merely electrically programmable memory (EPROM). The read-only memory contains a fixed, unalterable program representing in particular the operating system of the microprocessor card: memory management, access security management, and more generally all the mandatory, non-modifiable programs of the chip card. The RAM is conventionally used to store data temporarily and volatilely during the execution of a program. The EEPROM or EPROM contains non-volatile data and may also contain various application programs, so that the card can have additional functionalities specific to a given application.

The invention is particularly concerned with the debugging of application programs stored in non-volatile EEPROM or EPROM memory and executable directly from that memory.

In what follows, only EEPROM memories will be discussed, that is, memories that are not only programmable but also electrically erasable, the invention being particularly interesting in that case.

To debug an application program that is thus intended to be stored in non-volatile memory for execution, one usually uses a development tool comprising a card simulator on the one hand and a microprocessor emulator on the other.

Figure 1 recalls the conventional structure of a microprocessor application development tool.

The card simulator 10 is an electronic device intended to be connected on the one hand to a card reader 12 (via an extension 14 simulating the access contacts of a chip card), and on the other hand to the emulator 16. The simulator replaces the card and has all the resources of the card (RAM, ROM and EEPROM memories, input/output interfaces, etc.) except the microprocessor.

The emulator 16 simulates the operation of the card's microprocessor and for this purpose includes a microprocessor identical to that of the cards used in the application. The emulator is connected on the one hand to the card simulator 10, so that its microprocessor is in the same environment as if it were actually mounted on a card with the card's resources, and on the other hand to a microcomputer 18 capable of controlling it, that is, of supplying it with any desired instruction, and capable of exchanging data with it.

The card reader 12, for its part, is also connected to another microcomputer 20 capable of controlling it so as to allow it to exchange data with the card simulator through the extension 14, exactly as if a real card were inserted in the reader. It is through this second microcomputer 20 that all useful information about what happens in the card can be collected, the role of the first microcomputer being to supply instructions to the microprocessor to make it execute controlled programs.

Developing the application with this conventional tool consists in:

- having an application program executed by the emulator's microprocessor, either completely, or partially, or in single-step mode, or by imposing breakpoints, etc.;

- examining the overall and detailed operation, paying attention in particular to the contents of the memories and internal registers of the microprocessor at various stages of the program;

- detecting functional defects and other errors;

- modifying the application program so as to remove the defects found;

- and restarting the debugging with the modified application program, until the defects found have completely disappeared.

A relatively complicated development tool (an emulator + a simulator + two personal computers), and hence an expensive one, is therefore needed to carry out this debugging.

On the other hand, the card simulator is rarely perfectly compatible with the card it is supposed to simulate: there may be differences in operating conditions (supply voltage, clock frequency, instruction set, etc.). Indeed, the debugging tools, emulator and simulator, are not modified every time small changes are made to the series of cards manufactured.

Finally, the user of the card, who develops the application, is not the manufacturer of the card and of the simulation equipment, and may be on the other side of the planet. Maintenance of the development tool can therefore pose difficult problems.

One object of the invention is to improve debugging tools for microprocessor chip cards incorporating an electrically programmable non-volatile memory capable of containing an application program.

According to the invention, a system for debugging a memory-card application program is proposed, comprising a sample memory card corresponding to the one used in the application to be debugged, this card comprising at least a microprocessor and an electrically programmable non-volatile memory, a card reader into which this card is inserted, and a microcomputer (personal computer or other control console) for controlling the reader and in particular the data exchanges between the card and the reader, the program to be debugged being contained in a first zone of the card's non-volatile memory, and a debugging aid program being contained in a second zone of the non-volatile memory.

In practice, the debugging aid program comprises means for saving into the non-volatile memory internal data representing the operation of the card at a given instant.

In particular, an application program can be loaded into the non-volatile memory that includes a modified instruction at the place where one wishes to observe the internal behaviour of the card, this modified instruction being a branch instruction to the debugging aid program.

The debugging method according to the invention comprises the operations consisting in:

- inserting a sample card into a card reader controlled by a microcomputer, the card comprising a microprocessor and an electrically programmable non-volatile memory;

- loading into the non-volatile memory, by means of the microcomputer and the reader, an application program to be debugged and a debugging aid program;

- giving, through the microcomputer and the reader, commands to modify and/or execute the loaded program, the execution being modified where appropriate under the control of the debugging aid program, and collecting in the microcomputer the data resulting from the execution of the program;

- modifying the application program if necessary according to the results, and repeating the steps of loading an application program, executing it, and collecting the data.
The debugging aid program may comprise means for simulating the remainder of a sequence of exchanges between the card and the microprocessor when such a sequence has been interrupted in order to save the machine context in the non-volatile memory.

Consequently, instead of using a card simulator comprising all the card's resources except the microprocessor, an emulator comprising the microprocessor, and a microcomputer comprising a program for the microprocessor, one simply uses a sample card identical to the one that will actually be used in the application. This card comprises its own resources (RAM, ROM and non-volatile memories), its microprocessor, an application program stored in non-volatile memory, and a debugging aid program stored in the same memory and able to partially modify the execution of the application program. Only one card reader and one microcomputer to control it are needed to carry out the debugging. Debugging is carried out by successive loadings of modified programs until the errors are completely eliminated. Very advantageous use is thus made of the fact that the application program is directly executable from a non-volatile memory and of the fact that this memory is electrically programmable from the card reader.

The microcomputer is in particular capable of inserting breakpoints (branch instructions to the debugging aid program) at designated points of the application program. The debugging aid program stored in non-volatile memory is preferably capable of reading and modifying the contents of the various memory zones (RAM and non-volatile) and of saving into non-volatile memory the contents of various registers of the card, at any moment of the exchange process between the card and the reader.

Other features and advantages of the invention will appear on reading the detailed description that follows, made with reference to the drawings in which:

- Figure 1, already described, shows the conventional structure of a development tool for a microprocessor chip card application;

- Figure 2 shows the structure of the development tool according to the invention;

- Figure 3 shows schematically the contents of the chip of a chip card;

- Figure 4 shows the organisation of the non-volatile memory with data zones and executable-code zones;

- Figure 5 shows an example of a sequence of exchanges between a chip card and a card reader.

Figure 2 shows the development tool according to the invention, which makes it possible to debug an application program of a microprocessor card when this program is stored in an internal, electrically programmable non-volatile memory (in general EEPROM, hence also electrically erasable) of the card's integrated-circuit chip.

The tool is very simple: it comprises

- a sample card 30 corresponding exactly to the cards that will be used once the program has been finalised;

- a card reader 32 into which the card can be inserted and with which data can be exchanged according to a procedure no different from the one that will be used in the final application;

- and a microcomputer 34 for controlling the reader and hence the exchanges with the card. The exchanges with the card are conventionally serial exchanges. The exchanges between the microcomputer and the reader can take place over a conventional RS232-type link.

The sample card, like the card of the final application, conventionally comprises, as shown in Figure 3, a microprocessor (CPU) with all its internal registers and operators, a program ROM for the fixed programs already developed and mainly for the card's operating system, a volatile working memory (RAM), and an electrically programmable non-volatile memory, preferably EEPROM, able to contain data but also executable code, in particular the application program being developed. The card may of course comprise other circuits, in particular security circuits establishing the authorisations for exchanges between the reader and the card. These exchanges take place over input/output (I/O) connections, in principle in serial mode.

When developing the application program contained in non-volatile memory, a first zone Z1 of this memory is used to hold the program to be debugged, and another memory zone Z2 to hold a debugging aid program. These two zones contain code executable by the card's microprocessor. A third zone Z3 serves as non-volatile data memory; these three zones are accessible for reading, writing and erasing by the microprocessor. Further zones may also be provided, for example to contain information not accessible for reading and/or programming and/or erasing by the microprocessor.

Figure 4 shows this organisation of the non-volatile memory of the sample card used for debugging.

The debugging aid program contained in zone Z2 of the memory is a program that causes the microprocessor to execute various operations for analysing the progress of the main program; for example, this aid program includes instructions for storing in non-volatile memory the contents of the microprocessor's registers and RAM, then reading them back to send them to the microcomputer. It also allows zones of the RAM or of the non-volatile memory to be read and modified.

The program is developed as follows: via the microcomputer 34 and through the card reader 32 controlled by the microcomputer, the application program is loaded into zone Z1 of the card's non-volatile memory; for example, one instruction of this program is modified to introduce a breakpoint (allowing the state of the card to be examined at the instant this point is reached); the breakpoint consists of a branch instruction to the debugging aid program stored in zone Z2.

The application program is executed up to the branch instruction, from which point the debugging aid program takes over to carry out certain operations, in particular reading out certain registers and memories of the circuit. These readouts are stored in EEPROM, in the data zone Z3. They will later be read by the microcomputer 34; they make it possible to check the operation of the card and to detect operating errors.
The debugging aid program also makes it possible to modify the contents of certain zones of the RAM or of the non-volatile memory, and even the contents of certain internal registers of the microprocessor.
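The following Python model is an added illustration of the procedure just described, not the patent's code: the sample card's non-volatile memory is split into zones Z1 (application program), Z2 (debugging aid program) and Z3 (saved context); the microcomputer sets a breakpoint by overwriting one Z1 instruction with a branch into Z2, the aid program dumps the registers and RAM into Z3, and the microcomputer reads Z3 back. The instruction set and the sample program are invented for the illustration.

```python
from dataclasses import dataclass, field

# Invented toy instruction set for the sample card (assumption, not the patent's):
#   ("LDI", reg, value)  load an immediate into register A or B
#   ("ADD",)             A <- (A + B) mod 256
#   ("ST", cell, reg)    store a register into a RAM cell
#   ("JMP", zone, idx)   branch to instruction idx of a non-volatile zone
#   ("SAVE",)            aid-program step: dump registers and RAM into Z3
#   ("HALT",)            stop


@dataclass
class SampleCard:
    ram: list = field(default_factory=lambda: [0] * 4)
    regs: dict = field(default_factory=lambda: {"A": 0, "B": 0})
    nvm: dict = field(default_factory=lambda: {"Z1": [], "Z2": [], "Z3": []})

    def load(self, zone: str, program: list) -> None:
        """Reader-side step: (re)program one non-volatile zone."""
        self.nvm[zone] = list(program)

    def set_breakpoint(self, index: int) -> None:
        """Overwrite the Z1 instruction at `index` with a branch to the aid program."""
        self.nvm["Z1"][index] = ("JMP", "Z2", 0)

    def run(self, max_steps: int = 100) -> None:
        """Execute from the start of Z1 until HALT (the card's microprocessor)."""
        zone, pc = "Z1", 0
        for _ in range(max_steps):
            op, *args = self.nvm[zone][pc]
            pc += 1
            if op == "LDI":
                self.regs[args[0]] = args[1]
            elif op == "ADD":
                self.regs["A"] = (self.regs["A"] + self.regs["B"]) & 0xFF
            elif op == "ST":
                self.ram[args[0]] = self.regs[args[1]]
            elif op == "JMP":
                zone, pc = args
            elif op == "SAVE":   # context record written to the EEPROM data zone
                self.nvm["Z3"].append({"regs": dict(self.regs), "ram": list(self.ram)})
            elif op == "HALT":
                return
            else:
                raise ValueError(f"unknown instruction {op}")
        raise RuntimeError("step limit exceeded")


DEBUG_AID = [("SAVE",), ("HALT",)]       # contents of zone Z2

APPLICATION = [                          # constructed program for zone Z1
    ("LDI", "A", 5),
    ("LDI", "B", 7),
    ("ADD",),            # A = 12
    ("ST", 0, "A"),      # ram[0] = 12
    ("LDI", "B", 1),
    ("ADD",),            # A = 13
    ("ST", 1, "A"),      # ram[1] = 13
    ("HALT",),
]


def debug_session(breakpoint_index: int) -> list:
    """Load Z1 and Z2 through the reader, set one breakpoint, run the card and
    return the context records the microcomputer reads back from Z3."""
    card = SampleCard()
    card.load("Z1", APPLICATION)
    card.load("Z2", DEBUG_AID)
    card.set_breakpoint(breakpoint_index)
    card.run()
    return card.nvm["Z3"]


def plain_run() -> list:
    """Same program with no breakpoint: it runs to HALT and returns the final RAM."""
    card = SampleCard()
    card.load("Z1", APPLICATION)
    card.load("Z2", DEBUG_AID)
    card.run()
    return card.ram


if __name__ == "__main__":
    print(debug_session(4))   # context at the fifth instruction: A=12, B=7, ram[0]=12
```

Moving the breakpoint means reloading Z1 with a different instruction replaced, which is the successive-reprogramming loop the method relies on.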

In practice, the standards for using chip cards provide for a fairly strict exchange protocol between the card and the reader.

Ce protocole defini par la norme ISO 7816-3 est 
encore appele T = 0 ; il est represents schema tiquement 
a la figure 5 : c'est le lecteur de carte qui a le 
controle permanent des echanges et non la carte (pendant 
la mise au point de 1 'application, le lecteur est 
controle par le microordinateur 34) ; le lecteur envoie 
des octets de commande CMD pour definir les operations a 
effectuer par la carte; la carte repond par un octet de 
procedure PB; puis les echanges de donnees ont lieu 
(signaux DATA IN ou DATA OUT selon que la carte recpoit 
ou emet des donnees) ; et enf in la carte emet deux octets 
de fin de procedure ME1, ME2 . Si le deroulement de la 
sequence n'est pas conforme a cette procedure, le 
lecteur envoie un message d'erreur et reprend le 
contr61e. Cette procedure normalisSe est donn§e a titre 
d'exemple. 

One of the important functions of debugging is knowing the machine context (contents of the RAM, contents of the microprocessor registers) at a given instant in the execution of the application program; this means that an exchange sequence between the reader and the card will inevitably be interrupted if the context has to be known in the middle of that sequence. Yet the reader reacts to any break in the sequence by sending an error message and reinitialising all the registers.

According to the invention, a means is proposed for nevertheless allowing the machine context to be known at a desired instant of an exchange sequence.

To achieve this, the debugging aid program (to which the application program is diverted at the desired point) contains instructions for saving the contents of the registers and memories to be observed, and instructions for simulating data exchanges with the reader. The save is made in data zone Z3 of the EEPROM.

Consequently, the analysis sequence proceeds as follows: the application program is loaded into the EEPROM (zone Z1) with a modified instruction at the point where the machine context is to be observed; the modified instruction is a branch instruction to the debugging aid program (zone Z2); the debugging aid program then writes the contents of the registers and memories into the EEPROM (zone Z3) and executes a fictitious exchange sequence with the card reader (from the point where that sequence was interrupted) so that the reader believes the current sequence is proceeding normally.

For example, if the current sequence is one in which the card sends data, and the machine context is to be observed just after the procedure byte PB, the debugging aid program will send arbitrary data to the reader while the machine context is being saved. If the current sequence were one in which the card receives data, the debugging aid program would simulate reception of data.
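The interrupted T = 0 sequence and its fictitious continuation, as an added example in C that is not from the patent: a minimal reader-side check of the PB / DATA OUT / ME1 ME2 sequence, and a card side that, when diverted to the debugging aid right after PB, either goes silent (the reader then reports an error, as the text describes) or saves the context into Z3 and keeps feeding the reader arbitrary data bytes followed by the end bytes. The command header, the 0xFF filler, the pair 90 00 used for ME1 ME2 and the register values are constructed assumptions; the byte channel is an in-memory buffer standing in for the card contacts.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* In-memory byte channel from card to reader (constructed stand-in for the contacts). */
typedef struct { uint8_t buf[64]; int len, pos; } chan_t;

/* T = 0 command header sent by the reader (the CMD bytes of FIG. 5). Field
 * names follow ISO 7816-3; the values used below are constructed. */
typedef struct { uint8_t cla, ins, p1, p2, p3; } t0_cmd_t;

/* Machine context the debugging aid must capture (constructed register values). */
typedef struct { uint8_t a, x, ram[4]; } machine_ctx_t;

enum { READER_OK = 0, READER_ERR_SILENT = 1, READER_ERR_BAD_PB = 2 };
#define Z3_SIZE 8
#define ME1 0x90 /* end-of-procedure bytes; the pair 90 00 is an assumption of this example */
#define ME2 0x00

static void chan_put(chan_t *ch, uint8_t b) { if (ch->len < 64) ch->buf[ch->len++] = b; }
static int  chan_get(chan_t *ch) { return ch->pos < ch->len ? ch->buf[ch->pos++] : -1; }

/* Debugging aid: save the context into the Z3 data zone (an array here). */
static void debug_aid_save(const machine_ctx_t *m, uint8_t *z3)
{
    z3[0] = m->a;
    z3[1] = m->x;
    memcpy(&z3[2], m->ram, sizeof m->ram);
}

/* Card side of a "card sends data" sequence: PB, P3 data bytes, ME1 ME2.
 * break_after_pb diverts execution to the debugging aid right after PB;
 * simulate selects the patent's behaviour: after saving the context the
 * debugging aid keeps feeding arbitrary bytes so the reader sees a full sequence. */
void card_respond(chan_t *out, const t0_cmd_t *cmd, const machine_ctx_t *m,
                  int break_after_pb, int simulate, uint8_t *z3)
{
    chan_put(out, cmd->ins);                /* procedure byte PB */
    if (break_after_pb) {
        debug_aid_save(m, z3);              /* snapshot into Z3 */
        if (!simulate) return;              /* card goes silent: sequence broken */
        for (int i = 0; i < cmd->p3; i++)   /* fictitious DATA OUT */
            chan_put(out, 0xFF);
    } else {
        for (int i = 0; i < cmd->p3; i++)   /* real DATA OUT taken from RAM */
            chan_put(out, m->ram[(size_t)i % sizeof m->ram]);
    }
    chan_put(out, ME1);
    chan_put(out, ME2);
}

/* Reader side: enforce the T = 0 sequence. Any deviation is an error and the
 * reader takes back control, here by discarding the data received so far. */
int reader_run(chan_t *in, const t0_cmd_t *cmd, uint8_t *data, int *data_len)
{
    int pb = chan_get(in);
    *data_len = 0;
    if (pb < 0) return READER_ERR_SILENT;
    if (pb != cmd->ins) return READER_ERR_BAD_PB;
    for (int i = 0; i < cmd->p3; i++) {
        int b = chan_get(in);
        if (b < 0) return READER_ERR_SILENT;
        data[i] = (uint8_t)b;
    }
    if (chan_get(in) < 0 || chan_get(in) < 0) return READER_ERR_SILENT;  /* ME1, ME2 */
    *data_len = cmd->p3;
    return READER_OK;
}

/* One "read 4 bytes" command. z3_out (may be NULL) receives the saved context. */
int scenario(int break_after_pb, int simulate, uint8_t *z3_out)
{
    t0_cmd_t cmd = { 0x00, 0xB0, 0x00, 0x00, 4 };    /* constructed header, P3 = 4 */
    machine_ctx_t m = { 0x2A, 0x07, { 1, 2, 3, 4 } };
    chan_t ch = { {0}, 0, 0 };
    uint8_t z3local[Z3_SIZE], data[256];
    uint8_t *z3 = z3_out ? z3_out : z3local;
    int n;
    memset(z3, 0, Z3_SIZE);
    card_respond(&ch, &cmd, &m, break_after_pb, simulate, z3);
    return reader_run(&ch, &cmd, data, &n);
}

/* Convenience for checks: byte idx of Z3 after the simulated-breakpoint run. */
uint8_t saved_context_byte(int idx)
{
    uint8_t z3[Z3_SIZE];
    scenario(1, 1, z3);
    return z3[idx];
}

int main(void)
{
    printf("normal run: %d, breakpoint without simulation: %d, with simulation: %d\n",
           scenario(0, 0, NULL), scenario(1, 0, NULL), scenario(1, 1, NULL));
    return 0;
}
```

The reader never sees the difference between the real run and the simulated one; the only trace of the breakpoint is the context that now sits in Z3 for the microcomputer to read afterwards.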

The machine context saved in non-volatile memory at specified addresses of zone Z3 can be read later: the microcomputer 34 can read or write at any address of the non-volatile memory, except possibly in access-restricted zones. Revealing the contents of the microprocessor registers by later reading zone Z3 makes it possible to understand the errors of the application program and to correct them.

For example, for the ST8 microprocessor from SGS-THOMSON MICROELECTRONICS S.A., the series of debugging microprocessor instructions used to save the contents of the registers is, in assembly language, the following:

Input filename : BPKGR.asm
Output filename : BPKGR.obj

This series of instructions can be used as it stands on all microprocessors of the 6805 type. For other microprocessors it must be modified according to the language used by the microprocessor. Its structure and its purpose follow from those indicated above.
CLAIMS

1. Debugging system for a memory-card application program, comprising a sample memory card (30) corresponding to the one used in the application to be debugged, this card comprising at least a microprocessor and an electrically programmable non-volatile memory, a card reader (32) into which this card is inserted, a microcomputer (34) for controlling the reader and in particular the data exchanges between the card and the reader, the program to be debugged being contained in a first zone (Z1) of the card's non-volatile memory, and a debugging aid program being contained in a second zone (Z2) of the non-volatile memory.

2. System according to claim 1, characterised in that the debugging aid program comprises means for saving in the non-volatile memory internal data representing the operation of the card.

3. System according to one of claims 1 and 2, characterised in that it comprises means for loading into the non-volatile memory an application program comprising a modified instruction at the point where the internal behaviour of the card is to be observed, this modified instruction being a branch instruction to the debugging aid program.

4. Method for debugging a smart card application, this method being characterised in that it comprises the operations consisting in:

- inserting a sample card (30) into a card reader (32) controlled by a microcomputer (34), the card comprising a microprocessor and an electrically programmable non-volatile memory,

- loading into the non-volatile memory, by means of the microcomputer and the reader, an application program to be debugged and a debugging aid program,

- giving, through the microcomputer and the reader, orders to modify and/or execute the loaded program, execution being optionally modified under the control of the debugging aid program, and collecting in the microcomputer the data resulting from execution of the program,

- modifying the application program if necessary according to the results, and repeating the steps of loading an application program, executing it and collecting the data.

5. Method according to claim 4, characterised in that the debugging aid program comprises means for saving in the non-volatile memory the contents of internal memories and registers representing the machine context of the microprocessor.

6. Method according to claim 5, characterised in that the debugging aid program comprises means for simulating the continuation of an exchange sequence between the card and the microprocessor when such a sequence has been interrupted for the purpose of saving the machine context in the non-volatile memory.




FIG. 3: microcomputer (MICRO-ORDINATEUR) with an RS232 link; reference numerals 12 and 20.

FIG. 4: layout of the non-volatile memory (EPROM or EEPROM), reference numerals 12 and 13: zone Z1 holding the application program (PROGRAMME D'APPLICATION), the data memory (MEMOIRE DE DONNEES), and the debugging program (PROGRAMME DE DEBOGAGE).

FIG. 5: T = 0 exchange between the reader (LECTEUR) and the card (CARTE): command bytes CMD, procedure byte PB, DATA IN, DATA OUT, end-of-procedure bytes ME1 ME2.



REPUBLIQUE FRANCAISE
INSTITUT NATIONAL de la PROPRIETE INDUSTRIELLE

SEARCH REPORT
drawn up on the basis of the latest claims filed before the start of the search

Publication No. 2667419
National registration No. FR 9012114 (FA 448145)

DOCUMENTS CONSIDERED RELEVANT

Citation of the document, with indication where appropriate of the relevant parts - Claims of the application examined that are concerned

EP-A-0 356 237 (HITACHI) - Abstract; column 2, lines 30-65; column 3, lines 1-15; column 3, lines 1-57 - claims 1-6
US-A-4 777 355 (MITSUBISHI) - Abstract - claims 1, 2
FR-A-2 633 755 (MITSUBISHI) - Abstract - claims 1, 3

TECHNICAL FIELDS SEARCHED (Int. Cl.5): G 06 K, G 07 F

Date of completion of the search: 03-05-1991
Examiner: CHIARIZIA S.J